Help me foil a phisher/identity thief!

My girlfriend received a spoofed email purporting to be from eBay. It said that her account was in jeopardy, blah blah blah. She clicked the link (I think she downloaded an HTML file) and a pop-up window from halfbay showed up. At this point, she called me and told me about it. I told her to close the window and delete the email. She had not entered ANY personal information at any point in time.

Her account was hijacked the next day. We contacted eBay and they closed the account and removed the bogus listings. She changed her password and all was ok.

She posted another listing and the account was hijacked AGAIN. We called eBay and changed the password and also changed the user ID. She contacted the tech guy at her job and he ran the Trendmicro scan. Her PC came up clean. I updated her virus definitions and ran the scan also. Nothing was caught.

She posted an auction yesterday and her account was hijacked a THIRD time! I told her to completely close the account.

She never entered any personal information.
She does not have IE fill in the HTML login information.
She changed her password twice and her account was still compromised.

How are they doing this and how can I stop it?
I did find out that she doesn’t have a firewall installed. Could it be a keylogger was installed? How can I check if there is one running in the background?
I’m really stumped as to how they are doing this. Anyone have any ideas?

Thanks,

Ivan

We also figured out that the hijacking program(?) is activated every time she posts a new auction. The hijacking occurs after the password/ID is reset and the first auction is posted.

Most virus scanners should find a keylogger as well; however, not always. I’d try running Spybot and Adaware and see what they come up with.

Very disturbing, to be sure.

Just what is making you/her think the account is being hijacked? Could you be misinterpreting something?

If you suspect a keystroke logger is present but can’t detect it, try using a different machine. Adaware has never gotten back to me when I asked about detection of “Lover Spy” a year ago. Does she have anyone who might want to spy on her? Is this a “public” computer, like in a cafe or library?

She doesn’t have a co-worker or roommate trying to mess with her?

Yes, her account was definitely hijacked. eBay has a good detection system. We were notified the account was closed before we knew it had been taken over. Once, we were able to see some of the fake listings, and they were for high-end camera equipment.

It’s not a public PC, it’s her laptop that is actually a work computer.

ohh yeah…

The second time she posted, her auctions were from her desktop PC at work and then from my PC.

Well if there’s no firewall then anything goes, they can look at anything whatsoever that’s on her PC. Somewhere on there will be some file containing her eBay info, etc. I don’t have any recommendations on how to fix this (let others chime in), but eBay is probably not the only thing that’s been compromised.

iiicky … that stuff is cached locally in CLEAR TEXT?

Let me get this straight, her account was hijacked three times after posting auctions from three different computers? There is obviously something much more than spyware or keyloggers going on here.

I don’t know how eBay works, so what exactly do you mean by saying that the account was hijacked?